Lucene search
GoogleOSV:GHSA-P8F7-22GQ-M7J9HistoryOct 17, 2022 - 12:00 p.m.
Phoenix before 1.6.14 mishandles check_origin wildcarding
2022-10-1712:00:27
Google
osv.dev
19
phoenix
1.6.14
check_origin
wildcarding
liveview
csrf token
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
31.8%
socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token.
Related
nvd
nvd
CVE-2022-42975
2022-10-17 06:15:08
cvelist
cvelist
CVE-2022-42975
2022-10-17 00:00:00
osv
osv
CVE-2022-42975
2022-10-17 06:15:08
prion
prion
Cross site request forgery (csrf)
2022-10-17 06:15:00
cve
cve
CVE-2022-42975
2022-10-17 06:15:08
github
github
Phoenix before 1.6.14 mishandles check_origin wildcarding
2022-10-17 12:00:27
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
31.8%
Related for OSV:GHSA-P8F7-22GQ-M7J9